ISSO Lead - FCC

cFocus Software seeks an ISSO Lead to join our program supporting the Federal Communications Commission (FCC). This position is on-site in Washington, DC.

Qualifications:

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Information Technologies, or other related fields
• Certified Information Systems Security Professional (CISSP)
• 5+ years of related management experience in the field of information system security
• Working knowledge of the RMF, as well as information assurance, continuous monitoring, and POA&M management. must be able to perform any and all of the functions associated with this effort
• Possess the knowledge, skills, tasks, and capabilities described in the work role Systems Security Management (OG-WRL-014) as outlined in the NICE Work Role Framework

Duties:

• Support IT FISMA System Portfolio Management, Cybersecurity Risk Management & Planning, Security Impact Analysis, Security Artifact and Documentation Development, Review, and Delivery, ,Security, Risk, & Compliance Consulting, IT Continuity Planning
• Privacy compliance Initial Privacy Assessments (IPAs) and Privacy Impact Assessments (PIAs) support, & Plan of Action and Milestones (POA&M) Management
• Possess the knowledge, skills, abilities, staff support, and other related resources necessary to Prepare, Categorize information systems, select security controls, implement security controls, authorize information systems, monitor security controls, and other RMF related services
• Serve as primary liaison between the FCC Cybersecurity Group, Information System Owner (SO), Enterprise Common Control Provider (ECCP), and Information Owner for coordination and dissemination of information on technical security and risk-related matters.
• Verify applications and support systems are meeting information security policies, including continuous vulnerability scans, patch management, and configuration management.
• Ensure compliance with requirements concerning the use of commercial and open-source software through the FCC OCIO Governance Boards.
• Assist with reporting and investigating information security incidents to the Cybersecurity Group Security Operations Center (SOC) and gather pertinent information or provide requested services in support of incident handling.
• Identify the security categorization and control selection of the information system to determine the potential adverse impact in the event of a security breach following the established methodology for execution of these activities, stipulated in the FCC’s Risk Management Framework Program methodology document.
• Coordinate with stakeholders to document and implement standard controls for existing ECCPs and facilitate discussions with Program Areas to maintain and expand standard control providers, as needed.
• Coordinate Initial Privacy Assessments (IPAs) and Privacy Impact Assessments (PIAs).
• Perform real-time monitoring of assigned information systems through dashboarding capabilities to support continuous monitoring.
• Drafts, reviews, and updates information system continuous monitoring plans based on changes in risk, control selection, laws, executives’ orders, and guidelines.
• Review tiered information security reports for the information system and participate in briefings with the system owner, Chief Information Security Officer (CISO), and Authorizing Officials, including the Chief Information Officer (CIO).
• Regularly review the FCC security posture and prepare status update Security Posture Report with adjusted metrics